Email is ‘fundamentally broken’ says co-founder of Silent Circle

Douglas Crawford

September 27, 2013

Mike Janke, co-founder of security outfit Silent Circle, has spoken out for the first time about the reasons his company closed its Silent Mail service. The closure followed Lavabit shutting down its own service last month rather than compromise its customers’ privacy in the face of NSA pressure.

Janke compared email with similar modern services that are built from the ground up to ensure high levels of security:

‘Email is different. It’s fundamentally broken,’ Janke said, ‘the architecture was made 40 years ago. Imagine I’m sending you a letter in an envelope: this is encrypted email. They can’t open the letter to read what I wrote you – right, yet. But where it was from, my GPS location, what time, who I bcc’ed, the subject line.

‘We were sitting on metadata, so that we knew it was only a matter of time before someone would come to us. Email was different – the rest of our products have no metadata, no IP logging, no way – but email was fundamentally broken.’

Janke explained that Silent Circle’s email service was only ever intended as a temporary measure, to be used while it finished development of a more secure email solution:

‘We have been developing an email app that’s based upon our peer-to-peer encryption. We thought we’d have it done sooner, so this email [app] that we put out, the encrypted email, was a stop-gap. We thought we could put it out, and then replace it with the new. But we became a lot more popular than we thought around the world.’

When Lavabit closed its doors rather than submit to a secret NSA subpoena, Silent Circle reconsidered its email service, and decided to follow suit rather than be ‘complicit in crimes against the American people’ (as so eloquently put by Jon Callas, CTO of Lavabit).

Janke also said that major companies are not disclosing data breaches, and that some of the United States’ largest data brokers are using systems that have been badly compromised:

‘Customers of ours disclose that they’re being breached, weekly, and they don’t disclose it to shareholders.’

Janke says that, as a well-regarded security company, Silent Circle is often made party to deeply worrying admissions:

‘We’re like digital priests… Everybody calls us, or comes to our office, and tells us just every dirty thing that’s going on.

‘I sat and spoke with the chief information officer of a Fortune 500 company, and he’s telling me that they’re not reporting 80% of their data breaches. And I’m going, “there’s a law against that”.’